Lucene search
K

28 matches found

Patchstack
Patchstack
added 2026/06/25 8:11 a.m.5 views

WordPress Gravity Bookings plugin <= 2.7.1 - Authenticated (Subscriber+) Time-Based SQL Injection vulnerability

Authenticated Subscriber+ Time-Based SQL Injection vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Gravity Forms Bookings premium versions = 2.7.1...

6.5CVSS6AI score0.00241EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/04/14 2:16 a.m.20 views

CVE-2026-39419

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an authenticated user can bypass sandbox result validation and spoof tool execution results by exploiting Python frame introspection to read the wrapper's UUID from its bytecode constants, then writing a forged resu...

3.1CVSS0.00222EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/14 12:22 a.m.30 views

CVE-2026-39422 MaxKB has Stored XSS via ChatHeadersMiddleware

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting XSS vulnerability through the application name or icon fields when creating an application. When a victim visits the public chat interface /ui/chat/accesstoken, the...

6.9CVSS0.00216EPSS
Exploits1References3
EUVD
EUVD
added 2026/04/14 12:22 a.m.11 views

EUVD-2026-22182

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting XSS vulnerability through the application name or icon fields when creating an application. When a victim visits the public chat interface /ui/chat/accesstoken, the...

6.9CVSS6AI score0.00216EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.10 views

MaxKB 安全漏洞

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.7.1 contained a security vulnerability. This vulnerability stemmed from the use of storage-oriented cross-site scripting in the application name or icon...

6.9CVSS5.9AI score0.00216EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/25 6:49 p.m.2 views

CVE-2026-27602

Modoboa is a mail hosting and management platform. Prior to version 2.7.1, execcmd in modoboa/lib/sysutils.py always runs subprocess calls with shell=True. Since domain names flow directly into shell command strings without any sanitization, a Reseller or SuperAdmin can include shell metacharacte...

7.2CVSS5.9AI score0.00566EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.10 views

WordPress plugin Woody ad snippets 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

9.9CVSS5.9AI score0.00311EPSS
Exploits0References1
NVD
NVD
added 2026/03/13 7:54 p.m.6 views

CVE-2026-30914

SFTPGo is an open source, event-driven file transfer solution. In SFTPGo versions prior to 2.7.1, a path normalization discrepancy between the protocol handlers and the internal Virtual Filesystem routing can lead to an authorization bypass. An authenticated attacker can craft specific file paths...

8.1CVSS0.00521EPSS
Exploits0References1
NVD
NVD
added 2026/03/13 7:54 p.m.4 views

CVE-2026-30915

SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using...

5.3CVSS0.00309EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/13 7:4 p.m.5 views

CVE-2026-30915

SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using...

5.3CVSS5.8AI score0.00309EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 6:56 p.m.7 views

SFTPGo improperly sanitizes placeholders in group home directories/key prefixes

Impact SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using placeholders like %username%, the value replacing the...

5.3CVSS5.8AI score0.00309EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/03/13 11:42 a.m.28 views

CVE-2026-32402 WordPress Image Slider by Ays plugin <= 2.7.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ays Pro Image Slider by Ays ays-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Slider by Ays: from n/a through = 2.7.1...

5.3CVSS0.00224EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.7 views

SFTPGo 路径遍历漏洞

SFTPGo is a fully functional and highly configurable SFTP server developed by the Italian developer Nicola Murino. Versions of SFTPGo prior to 2.7.1 contained a path traversal vulnerability, which was caused by inconsistent path normalization, potentially leading to authorization bypasses...

8.1CVSS7.3AI score0.00521EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/30 12:30 p.m.5 views

EUVD-2025-205708

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in autolistings Auto Listings auto-listings allows Stored XSS.This issue affects Auto Listings: from n/a through = 2.7.1...

5.5AI score0.00127EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-30538

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00196EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/09/04 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2018-1000098

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Teluu PJSIP version 2.7.1 and earlier contains a Integer Overflow vulnerability in pjmedia SDP parsing that can result in Crash. This attack appear to be...

7.5CVSS7.4AI score0.03463EPSS
Exploits0References2
OSV
OSV
added 2025/09/01 9:52 a.m.2 views

MAL-2025-46954 Malicious code in monolith-twirp-octoshift-imports (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 221b3fbda6780c082532d35d4b0ce79ea245c161c259ec2d4e3f741df68efe52 The OpenSSF Package Analysis project identified 'monolith-twirp-octoshift-imports' @ 2.7.1 rubygems as malicious. It is considered malicious...

7.2AI score
Exploits0
Patchstack
Patchstack
added 2025/01/24 11:47 a.m.5 views

WordPress Widget Countdown plugin <= 2.7.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin Widget Countdown versions = 2.7.1...

6.5CVSS6.1AI score0.00287EPSS
Exploits0Affected Software1
OSV
OSV
added 2024/12/13 3:15 p.m.4 views

CVE-2022-46840

Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1...

5.4CVSS5.8AI score0.00441EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/06/07 12:0 a.m.6 views

WordPress plugin Tutor LMS security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.3CVSS6.8AI score0.00343EPSS
Exploits0References4
Rows per page
Query Builder